How financial institutions and others can comply with a more stringent regulatory environment

The 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act is one of the largest pieces of legislation in history, and it has complicated the regulatory environment by increasing the government’s oversight, supervision and resolution authority over financial institutions.

“As a result of Dodd-Frank, there are more agencies with oversight over more and different types of institutions, so compliance can be difficult,” says Michael K. O’Connell, managing director and Financial Institutions Practice leader of Aon Risk Solutions. “There are a lot of new agencies and those with redefined roles. There is new regulation of over-the-counter derivatives, a new agency for enforcing compliance with consumer finance rules, reformed credit rating agency regulation, changes to corporate governance and executive compensation, the Volcker Rule, new registration requirements for advisers to certain private funds and significant changes in the securitization market.”

Smart Business spoke with O’Connell and John George, account executive at Aon Risk Solutions, about safely navigating this new, stricter regulatory environment.

What are some of the risks for noncompliance that businesses face with Dodd-Frank?

You might immediately think of the obvious financial risks — fines, penalties and injunctions — of not complying with any regulation, including Dodd-Frank. But before you get to that point, your business can incur significant costs responding to a regulatory investigation. On the back end, there also can be reputational harm, which is hard to pre-quantify but can be quite impactful.

These risks are interconnected, increasing the need for financial institutions to maximize the value of their risk transfer spend. Expert help can aid with this process by using robust data and analytic tools that help financial institutions understand their exposure, develop their modeling capabilities and ultimately derive the most value from their investment in insurance and risk mitigation.

How has executive liability changed with Dodd-Frank, and how can companies protect themselves?

There definitely is increased pressure on corporate boards of directors. The provisions of Dodd-Frank create new obligations that will drive shareholder expectations and potentially lead to heightened executive liability exposure. Directors and officers (D&O) liability insurance is designed to protect individual directors and officers, as well as the corporate entity from governmental or shareholder investigations and/or legal proceedings.

It is important to understand the Dodd-Frank provisions of clawback compensation, where boards can force executives to pay back some of their compensation for wrongdoing, corporate governance and whistleblower activity within the context of your company’s D&O liability program. Pay close attention to policies’ definitions and exclusions to understand the extent of coverage available.

In these areas, it’s critical to discuss what you really want to cover and how to achieve that within the context of the policy in the current insurance market. Understanding the scope of coverage is especially important in Side A D&O policies, which can provide dedicated personal asset protection to individual directors and officers when the company is either prohibited from indemnifying or not able to indemnify.

What are the best ways for financial institutions to cover privacy and security liability?

Privacy and security continue to be an area of focus for financial institutions. At the same time that the volume of personally identifiable information is increasing, so is regulatory focus on and awareness of privacy and security risk. With this, it is important for financial institutions and others to really understand and tailor their privacy and security coverage to their exposure.

Base policy forms vary greatly and must be customized to ensure maximum possible coverage. Take a diagnostic approach to privacy and security liability. Review the scope of coverage for first- and third-party exposures in conjunction with your existing insurance program and discuss coverage priorities with experts to fully define what you’re seeking.

The breadth of coverage available has evolved, as have the service offerings that can be bundled with a risk transfer program. An example is with breach management, where insurers offer turnkey solutions that can help financial institutions quickly and effectively recover from a breach. This approach is popular among mid-tier financial institutions that may not have pre-established relationships and resources to quickly handle a breach.

What are some other risks financial institutions are facing with operations and compensation?

Some financial institutions continue to struggle to meet regulatory requirements while maintaining sound compensation strategies. As regulation shifts from being guidance-based to rules-based, for smaller banks the question is when they will have to comply. Regardless of size, all financial institutions are being tasked with balancing risks and results, creating controls to reinforce that balance and ensuring effective management of incentive compensation. The first step in managing compensation compliance is identifying covered employees. The process, and ultimately the covered population, may vary by firm and is primarily determined by business mix. Often the most effective and well-received approach is to include risk adjustments at the time of award or deferral, with potential future forfeiture, for incentive compensation plans.

With the evolving issues related to compensation, executive liability, privacy and security, and other risks, it’s important for institutions to take an enterprise-wide approach to risk identification, quantification and mitigation. Using experts, many financial institutions accomplish this with the goal of keeping their risk perspectives current in the changing regulatory environment. Risk management professionals can help implement risk frameworks, analyze key risk scenarios and model risk, and then align an institution’s insurance and risk transfer program to its underlying risk profile.